﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;

/// <summary>
/// Summary description for UserDAO
/// </summary>
public class UserDAO
{
    // start login
    public UserDTO Login(UserDTO userDTO)
    {
        using ( SqlConnection conn = UtilityHelper.GetConnection()) 
        {
            try
            {
                SqlDataReader reader = null;
                conn.Open();
                string strSQL = "SELECT * FROM " + Table.User +
                                " WHERE " + User.Password + " = '" + userDTO.Password + "' AND " + 
                                    User.UserName + " = '" + userDTO.UserName+ "'";
                SqlCommand cmd = new SqlCommand(strSQL, conn);
                reader = cmd.ExecuteReader();
                UserDTO user = new UserDTO();
                if (reader !=null )
                {
                    while (reader.Read())
                    {
                       user = GetUserItemFromReader(reader);
                    }
                }
                return user;
            }
            catch (Exception ex)
            {
                throw ex;
            }
            finally
            {
                if ( conn != null)
                {
                    conn.Close();
                }
            }
        }
    }
    public UserDTO GetUserItemFromReader(SqlDataReader reader)
    {
        UserDTO user= new UserDTO();
        user.UserName = reader[User.UserName].ToString();
        user.Password = reader[User.Password].ToString();
        user.Email = reader[User.Email].ToString();
        user.UserID = int.Parse(reader[User.UserID].ToString());
        return user;
    }
    // End login
    //-----------------------------------------------------------
    // start register
    public int CheckUserNameAndEmailExist ( UserDTO userDTO)
    {
        using ( SqlConnection conn = UtilityHelper.GetConnection())
        {
            try
            {
                int iCheck = 0; // 0 : chua ton tai ; 1 : username ton tai ; 2 email ton tai
                conn.Open();
                string strSQL_CheckUserName = "SELECT COUNT(*) FROM " + Table.User + 
                                " WHERE " + User.UserName + " = '" + userDTO.UserName+ "'";
                string strSQL_CheckEmail = "SELECT COUNT(*) FROM " + Table.User + 
                                            " WHERE " + User.Email + " = '" + userDTO.Email+"'";
                SqlCommand cmd_CheckUserName = new SqlCommand(strSQL_CheckUserName, conn);
                SqlCommand cmd_CheckEmail = new SqlCommand(strSQL_CheckEmail, conn);
                int i_CheckUserName = int.Parse(cmd_CheckUserName.ExecuteScalar().ToString());
                int i_CheckEmail = int.Parse(cmd_CheckEmail.ExecuteScalar().ToString());
                if (i_CheckEmail > 0)
                {
                    iCheck = 2;
                }
                else if ( i_CheckUserName > 0 )
                {
                    iCheck = 1;
                }
                return iCheck;
            }
            catch (Exception ex)
            {
                throw ex;
            }
            finally 
            {
                if (conn != null) 
                {
                    conn.Close();
                }
            }
        }
    }
    public bool Register(UserDTO userDTO)
    {
        using ( SqlConnection conn = UtilityHelper.GetConnection() )
        {
            try
            {
                bool bCheck = false; //false : register fail
                conn.Open();
                string strSQL = "INSERT INTO " + Table.User + " VALUES (@USERNAME,@PASSWORD,@EMAIL)";
                SqlCommand cmd = new SqlCommand(strSQL, conn);
                cmd.Parameters.Add("@USERNAME", System.Data.SqlDbType.VarChar).Value = userDTO.UserName;
                cmd.Parameters.Add("@PASSWORD", System.Data.SqlDbType.VarChar).Value = userDTO.Password;
                cmd.Parameters.Add("@EMAIL", System.Data.SqlDbType.VarChar).Value = userDTO.Email;
                int iCheck = cmd.ExecuteNonQuery();
                if ( iCheck > 0  )
                {
                    bCheck = true;
                }
                return bCheck;
            }
            catch (Exception ex)
            {
                throw ex;
            }
            finally
            {
                if ( conn != null) 
                {
                    conn.Close();
                }
            }
        }
    }
    // end register
}